mod_ssl redirect to site if client does not have valid certificate

Esaia · July 16, 2008, 6:58am

Hello!

I have setup a site to which users authenticate against with openssl certificates.
Everything works just fine, be I wish to be able to redirect to a error page with instructions instead of displaying the default error page that firefox displays.

How to? I got nothing out of google...

Best regards.

zaxxon · July 16, 2008, 7:08am

Firefox displays only the error page that has been configured in your (I guess) Apache. Check your httpd.conf or a related include file where errors are defined like for example:

...
ErrorDocument 400 /error/HTTP_BAD_REQUEST.html.var
ErrorDocument 401 /error/HTTP_UNAUTHORIZED.html.var
ErrorDocument 403 /error/HTTP_FORBIDDEN.html.var
ErrorDocument 404 /error/HTTP_NOT_FOUND.html.var
...

Also check the official Apache documentation:
Custom Error Responses - Apache HTTP Server

Esaia · July 16, 2008, 7:17am

Ah I'm sorry! yes its apache.
Ok I will look into this!
Thank you for your response!

Esaia · July 21, 2008, 7:44am

Hello again, I've looked in to the httpd.conf but I cant figure out which error code apache generates and how to fetch it into an event.

What I know is that the server sends "SSL_ERROR_HANDSHAKE_FAILURE_ALERT" to the client, but I dont know how to use that error code to display an error page.

Please help

zaxxon · July 21, 2008, 10:21am

Can you check the Apache's access_log (or whatever it's name it is for the access log in your config) - the should be entries like for example:

10.10.1.23 - - [17/Jul/2008:07:07:47 +0200] "GET /somedir HTTP/1.1" 401 1446

The 401 is the error code in this example which is what you can configure in your httpd.conf or include file for it, afaik.
When you reproduce that "SSL_ERROR_HANDSHAKE_FAILURE_ALERT" error, you should check what kind of entry you get added in the access log I mentioned above. Maybe you can write a directive for that then like mentioned in one of my former answers.

Esaia · July 22, 2008, 3:08am

Hello!

Ah now I get what you mean!

xx.xx.xx.xx - - [22/Jul/2008:09:04:07 +0200] "GET /wiki/index.php/Main_Page HTTP/1.1" 403 -

This is what I get, I've added the following line in my vhost entry:
ErrorDocument 403 /error/HTTP_FORBIDDEN.html.var

But no success yet.

zaxxon · July 22, 2008, 5:00am

What error do you get in the browser window and in the logs of the webserver?

I can't describe it further - I would have to test it myself, so you will have to look up examples and try around, sorry.

Is the ErrorDocument directive placed inside the <Directory></Directory>?

Here you find the details on that directive:
core - Apache HTTP Server